<!--
  This file is a part of the open-eBackup project.
  This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0.
  If a copy of the MPL was not distributed with this file, You can obtain one at
  http://mozilla.org/MPL/2.0/.
  
  Copyright (c) [2024] Huawei Technologies Co.,Ltd.
  
  THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
  EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
  MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
  -->

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
  This file is a part of the open-eBackup project.
  This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0.
  If a copy of the MPL was not distributed with this file, You can obtain one at
  http://mozilla.org/MPL/2.0/.
  
  Copyright (c) [2024] Huawei Technologies Co.,Ltd.
  
  THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
  EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
  MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
  -->

<!--
  This file is a part of the open-eBackup project.
  This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0.
  If a copy of the MPL was not distributed with this file, You can obtain one at
  http://mozilla.org/MPL/2.0/.
  
  Copyright (c) [2024] Huawei Technologies Co.,Ltd.
  
  THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
  EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
  MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
  -->

<!--
  This file is a part of the open-eBackup project.
  This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0.
  If a copy of the MPL was not distributed with this file, You can obtain one at
  http://mozilla.org/MPL/2.0/.
  
  Copyright (c) [2024] Huawei Technologies Co.,Ltd.
  
  THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
  EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
  MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
  -->

<html lang="zh-cn" xml:lang="zh-cn">
 <head>
  <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
  <meta http-equiv="X-UA-Compatible" content="IE=edge">
  <meta name="DC.Type" content="topic">
  <meta name="DC.Title" content="步骤3：注册Elasticsearch集群">
  <meta name="product" content="">
  <meta name="DC.Relation" scheme="URI" content="zh-cn_topic_0000001792513814.html">
  <meta name="prodname" content="">
  <meta name="version" content="">
  <meta name="brand" content="30-OceanProtect 备份一体机 1.5.0-1.6.0 帮助中心">
  <meta name="DC.Publisher" content="20240320">
  <meta name="DC.Format" content="XHTML">
  <meta name="DC.Identifier" content="ZH-CN_TOPIC_0000001792513826">
  <meta name="DC.Language" content="zh-cn">
  <link rel="stylesheet" type="text/css" href="public_sys-resources/commonltr.css">
  <title>步骤3：注册Elasticsearch集群</title>
 </head>
 <body style="clear:both; padding-left:10px; padding-top:5px; padding-right:5px; padding-bottom:5px">
  <a name="ZH-CN_TOPIC_0000001792513826"></a><a name="ZH-CN_TOPIC_0000001792513826"></a>
  <h1 class="topictitle1">步骤3：注册Elasticsearch集群</h1>
  <div>
   <p>执行Elasticsearch索引备份恢复前，需要将Elasticsearch集群注册至<span>本产品</span>。</p>
   <div class="section">
    <h4 class="sectiontitle">操作步骤</h4>
    <ol>
     <li id="ZH-CN_TOPIC_0000001792513826__li0198134611381"><span>选择<span class="uicontrol" id="ZH-CN_TOPIC_0000001792513826__zh-cn_topic_0000001839142377_uicontrol9263121219407">“<span id="ZH-CN_TOPIC_0000001792513826__zh-cn_topic_0000001839142377_text162635121401">保护</span> &gt; 大数据 &gt; Elasticsearch”</span>。</span></li>
     <li><span>在<span class="uicontrol">“<span>集群</span>”</span>页面，单击<span class="uicontrol">“<span>注册</span>”</span>，注册Elasticsearch集群。</span><p></p><p>Elasticsearch集群注册信息如<a href="#ZH-CN_TOPIC_0000001792513826__table164432003147">表1</a>所示。</p>
      <div class="tablenoborder">
       <a name="ZH-CN_TOPIC_0000001792513826__table164432003147"></a><a name="table164432003147"></a>
       <table cellpadding="4" cellspacing="0" summary="" id="ZH-CN_TOPIC_0000001792513826__table164432003147" frame="border" border="1" rules="all">
        <caption>
         <b>表1 </b>Elasticsearch集群注册信息
        </caption>
        <colgroup>
         <col style="width:25.03%">
         <col style="width:74.97%">
        </colgroup>
        <thead align="left">
         <tr>
          <th align="left" class="cellrowborder" valign="top" width="25.03%" id="mcps1.3.2.2.2.2.2.2.3.1.1"><p>参数</p></th>
          <th align="left" class="cellrowborder" valign="top" width="74.97%" id="mcps1.3.2.2.2.2.2.2.3.1.2"><p>说明</p></th>
         </tr>
        </thead>
        <tbody>
         <tr>
          <td class="cellrowborder" valign="top" width="25.03%" headers="mcps1.3.2.2.2.2.2.2.3.1.1 "><p><span>名称</span></p></td>
          <td class="cellrowborder" valign="top" width="74.97%" headers="mcps1.3.2.2.2.2.2.2.3.1.2 "><p>自定义Elasticsearch集群名称。</p></td>
         </tr>
         <tr>
          <td class="cellrowborder" valign="top" width="25.03%" headers="mcps1.3.2.2.2.2.2.2.3.1.1 "><p><span>客户端地址</span></p></td>
          <td class="cellrowborder" valign="top" width="74.97%" headers="mcps1.3.2.2.2.2.2.2.3.1.2 "><p><span>本产品</span>通过该地址与Elasticsearch连接。</p> <p>配置为：<em>Elasticsearch集群中角色为EsClient的节点业务IP地址</em><strong>:</strong><em>EsClient的服务端口</em></p>
           <ul>
            <li>如果Elasticsearch集群中存在多个角色为EsClient的节点，可以配置多个EsClient地址以提升备份恢复性能。多个地址以英文逗号分隔。</li>
            <li id="ZH-CN_TOPIC_0000001792513826__li597054171813"><a name="ZH-CN_TOPIC_0000001792513826__li597054171813"></a><a name="li597054171813"></a>以FusionInsight Manager 8.2.0版本为例说明查询EsClient业务IP地址和服务端口的操作，不同大数据平台操作略有差异，请参考对应大数据平台的产品文档。
             <ol type="a">
              <li>使用浏览器，登录FusionInsight Manager。</li>
              <li>选择<span class="uicontrol">“集群 &gt; Elasticsearch &gt; 实例”</span>。<p>在该页面获取EsClient节点的业务IP。</p></li>
              <li>选择<span class="uicontrol">“配置”</span>。</li>
              <li>搜索关键字<span class="uicontrol">“port”</span>。<p><span class="uicontrol">“Elasticsearch-&gt;EsClient”</span>下<span class="uicontrol">“SERVER_PORT”</span>对应的值即为要查找的EsClient服务端口。</p></li>
             </ol></li>
           </ul></td>
         </tr>
         <tr>
          <td class="cellrowborder" valign="top" width="25.03%" headers="mcps1.3.2.2.2.2.2.2.3.1.1 "><p><span>认证模式</span></p></td>
          <td class="cellrowborder" valign="top" width="74.97%" headers="mcps1.3.2.2.2.2.2.2.3.1.2 "><p>配置Elasticsearch集群与<span>本产品</span>通信的认证模式。该配置项根据Elasticsearch集群已配置的认证模式进行配置。</p>
           <ul>
            <li><span>Simple认证</span>：当Elasticsearch集群未开启Kerberos认证时，选择该认证模式。该认证模式采用用户名进行认证，安全性较差。</li>
            <li><span>Kerberos认证</span>：当Elasticsearch集群已启用Kerberos认证时，选择该认证模式。Elasticsearch集群与<span>本产品</span>之间采用Kerberos协议进行身份认证。</li>
           </ul></td>
         </tr>
         <tr>
          <td class="cellrowborder" valign="top" width="25.03%" headers="mcps1.3.2.2.2.2.2.2.3.1.1 "><p><span>用户名</span></p></td>
          <td class="cellrowborder" valign="top" width="74.97%" headers="mcps1.3.2.2.2.2.2.2.3.1.2 "><p>当<span class="uicontrol">“<span>认证模式</span>”</span>选择<span class="uicontrol">“<span>Simple认证</span>”</span>时，才需要配置该参数。</p> <p>输入的用户名需要对要访问的资源具备读写权限。</p></td>
         </tr>
         <tr>
          <td class="cellrowborder" valign="top" width="25.03%" headers="mcps1.3.2.2.2.2.2.2.3.1.1 "><p><span>密码</span></p></td>
          <td class="cellrowborder" valign="top" width="74.97%" headers="mcps1.3.2.2.2.2.2.2.3.1.2 "><p>当<span class="uicontrol">“<span>认证模式</span>”</span>选择<span class="uicontrol">“<span>Simple认证</span>”</span>时，才需要配置该参数。</p> <p>输入的用户名的密码。</p></td>
         </tr>
         <tr>
          <td class="cellrowborder" valign="top" width="25.03%" headers="mcps1.3.2.2.2.2.2.2.3.1.1 "><p><span>Kerberos</span></p></td>
          <td class="cellrowborder" valign="top" width="74.97%" headers="mcps1.3.2.2.2.2.2.2.3.1.2 "><p>当<span class="uicontrol">“<span>认证模式</span>”</span>选择<span class="uicontrol">“<span>Kerberos认证</span>”</span>时，才需要配置该参数。</p> <p>选择已创建的Kerberos认证。首次注册Elasticsearch集群时，请单击<span class="uicontrol">“创建”</span>，配置Kerberos认证参数。具体参数说明如<a href="#ZH-CN_TOPIC_0000001792513826__table93413354118">表2</a>。</p></td>
         </tr>
         <tr>
          <td class="cellrowborder" valign="top" width="25.03%" headers="mcps1.3.2.2.2.2.2.2.3.1.1 "><p><span>证书</span></p></td>
          <td class="cellrowborder" valign="top" width="74.97%" headers="mcps1.3.2.2.2.2.2.2.3.1.2 "><p>当<span class="uicontrol">“<span>认证模式</span>”</span>选择<span class="uicontrol">“<span>Kerberos认证</span>”</span>时，才需要配置该参数。</p> <p>如果您希望<span>本产品</span>与大数据平台通信过程中进行数据加密，实现安全通信，请导入CA证书。</p> <p>导入<a href="zh-cn_topic_0000001839153189.html#ZH-CN_TOPIC_0000001839153189__section6706354142710">获取并导入证书</a>中获取到的CA证书。</p></td>
         </tr>
         <tr>
          <td class="cellrowborder" valign="top" width="25.03%" headers="mcps1.3.2.2.2.2.2.2.3.1.1 "><p><span>代理主机</span></p></td>
          <td class="cellrowborder" valign="top" width="74.97%" headers="mcps1.3.2.2.2.2.2.2.3.1.2 "><p>选择执行数据保护的代理主机。</p>
           <div class="note">
            <span class="notetitle"> 说明： </span>
            <div class="notebody">
             <p>不允许将同1台代理主机分配给多个配置了不同Kerberos认证的大数据集群或不同认证模式的大数据集群，否则会导致备份/恢复任务失败。</p>
            </div>
           </div></td>
         </tr>
         <tr>
          <td class="cellrowborder" valign="top" width="25.03%" headers="mcps1.3.2.2.2.2.2.2.3.1.1 "><p><span>仓库路径所属用户</span></p></td>
          <td class="cellrowborder" valign="top" width="74.97%" headers="mcps1.3.2.2.2.2.2.2.3.1.2 "><p>配置为搭建Elasticsearch集群环境时设置的仓库路径所属用户。</p> <p>FusionInsight、MRS大数据场景中默认为<strong>omm</strong>。</p></td>
         </tr>
         <tr>
          <td class="cellrowborder" valign="top" width="25.03%" headers="mcps1.3.2.2.2.2.2.2.3.1.1 "><p><span>仓库路径所属用户的属性</span></p></td>
          <td class="cellrowborder" valign="top" width="74.97%" headers="mcps1.3.2.2.2.2.2.2.3.1.2 "><p>配置为搭建Elasticsearch集群环境时设置的仓库路径所属用户的属性。</p> <p>FusionInsight、MRS大数据场景中默认为<strong>wheel</strong>。</p></td>
         </tr>
         <tr>
          <td class="cellrowborder" valign="top" width="25.03%" headers="mcps1.3.2.2.2.2.2.2.3.1.1 "><p><span>启用安全协议</span></p></td>
          <td class="cellrowborder" valign="top" width="74.97%" headers="mcps1.3.2.2.2.2.2.2.3.1.2 "><p>当<span class="uicontrol">“<span>认证模式</span>”</span>选择<span class="uicontrol">“<span>Kerberos认证</span>”</span>时，才需要配置该参数。</p> <p>是否启用TLS安全协议。</p>
           <ul>
            <li>如果不启用，默认使用TLS 1.2。</li>
            <li>如果启用，支持使用TLS 1.2及以上版本。</li>
           </ul></td>
         </tr>
         <tr>
          <td class="cellrowborder" valign="top" width="25.03%" headers="mcps1.3.2.2.2.2.2.2.3.1.1 "><p><span>启用安全算法</span></p></td>
          <td class="cellrowborder" valign="top" width="74.97%" headers="mcps1.3.2.2.2.2.2.2.3.1.2 "><p>当<span class="uicontrol">“<span>认证模式</span>”</span>选择<span class="uicontrol">“<span>Kerberos认证</span>”</span>时，才需要配置该参数。</p> <p>是否启用安全加密算法。启用后，系统与大数据平台通信的通道将仅使用安全的加密算法加密数据。</p></td>
         </tr>
        </tbody>
       </table>
      </div> <p>配置Kerberos认证参数，相关参数说明如<a href="#ZH-CN_TOPIC_0000001792513826__table93413354118">表2</a>。</p>
      <div class="tablenoborder">
       <a name="ZH-CN_TOPIC_0000001792513826__table93413354118"></a><a name="table93413354118"></a>
       <table cellpadding="4" cellspacing="0" summary="" id="ZH-CN_TOPIC_0000001792513826__table93413354118" frame="border" border="1" rules="all">
        <caption>
         <b>表2 </b>Kerberos认证参数说明
        </caption>
        <colgroup>
         <col style="width:23.24%">
         <col style="width:76.75999999999999%">
        </colgroup>
        <thead align="left">
         <tr>
          <th align="left" class="cellrowborder" valign="top" width="23.24%" id="mcps1.3.2.2.2.2.4.2.3.1.1"><p>参数</p></th>
          <th align="left" class="cellrowborder" valign="top" width="76.75999999999999%" id="mcps1.3.2.2.2.2.4.2.3.1.2"><p>说明</p></th>
         </tr>
        </thead>
        <tbody>
         <tr>
          <td class="cellrowborder" valign="top" width="23.24%" headers="mcps1.3.2.2.2.2.4.2.3.1.1 "><p><span>名称</span></p></td>
          <td class="cellrowborder" valign="top" width="76.75999999999999%" headers="mcps1.3.2.2.2.2.4.2.3.1.2 "><p>自定义Kerberos认证名称。</p></td>
         </tr>
         <tr>
          <td class="cellrowborder" valign="top" width="23.24%" headers="mcps1.3.2.2.2.2.4.2.3.1.1 "><p><span>主体名</span></p></td>
          <td class="cellrowborder" valign="top" width="76.75999999999999%" headers="mcps1.3.2.2.2.2.4.2.3.1.2 "><p>Kerberos认证的主体名，配置格式为：<em>主体名</em>@<em>本端域</em>，如：ES1@HADOOP.COM。</p> <p>以FusionInsight为例，可在FusionInsight Manager界面，<span class="uicontrol">“系统 &gt; 域和互信”</span>页面，查看本端域信息。</p>
           <div class="note">
            <span class="notetitle"> 说明： </span>
            <div class="notebody">
             <p>配置为Kerberos服务器上已配置的主体名，并且该主体名需要对要访问的资源具备读写权限。</p>
            </div>
           </div></td>
         </tr>
         <tr>
          <td class="cellrowborder" valign="top" width="23.24%" headers="mcps1.3.2.2.2.2.4.2.3.1.1 "><p><span>配置方式</span></p></td>
          <td class="cellrowborder" valign="top" width="76.75999999999999%" headers="mcps1.3.2.2.2.2.4.2.3.1.2 ">
           <div class="p">
            Kerberos认证方式，与Kerberos服务器的配置保持一致。Kerberos支持以下两种认证方式：
            <ul>
             <li><span>密码</span>：通过密码进行身份认证。</li>
             <li><span>Keytab文件</span>：通过keytab文件进行身份认证。</li>
            </ul>
           </div></td>
         </tr>
         <tr>
          <td class="cellrowborder" valign="top" width="23.24%" headers="mcps1.3.2.2.2.2.4.2.3.1.1 "><p><span>配置文件</span></p></td>
          <td class="cellrowborder" valign="top" width="76.75999999999999%" headers="mcps1.3.2.2.2.2.4.2.3.1.2 "><p>Kerberos认证过程中使用的<span class="filepath">“.conf”</span>配置文件（如：krb5.conf）。请联系Kerberos服务器管理员从Kerberos服务器获取该文件，单击<span><img src="zh-cn_image_0000001839233193.png"></span>上传至<span>本产品</span>。</p>
           <div class="p">
            由于Kerberos自身的问题，当配置文件中存在<span class="uicontrol">“renew_lifetime”</span>参数时，需将其注释，否则可能导致注册失败。如：
            <pre class="screen">#renew_lifetime = 7d</pre>
           </div></td>
         </tr>
         <tr>
          <td class="cellrowborder" valign="top" width="23.24%" headers="mcps1.3.2.2.2.2.4.2.3.1.1 "><p><span>密码</span></p></td>
          <td class="cellrowborder" valign="top" width="76.75999999999999%" headers="mcps1.3.2.2.2.2.4.2.3.1.2 "><p>当<span class="uicontrol">“<span>配置方式</span>”</span>选择<span class="uicontrol">“<span>密码</span>”</span>时，才需要配置该参数。</p> <p>配置为<span class="uicontrol">“<span>主体名</span>”</span>的密码。</p></td>
         </tr>
         <tr>
          <td class="cellrowborder" valign="top" width="23.24%" headers="mcps1.3.2.2.2.2.4.2.3.1.1 "><p><span>确认密码</span></p></td>
          <td class="cellrowborder" valign="top" width="76.75999999999999%" headers="mcps1.3.2.2.2.2.4.2.3.1.2 "><p>确认<span class="uicontrol">“<span>主体名</span>”</span>的密码。</p></td>
         </tr>
         <tr>
          <td class="cellrowborder" valign="top" width="23.24%" headers="mcps1.3.2.2.2.2.4.2.3.1.1 "><p><span>Keytab文件</span></p></td>
          <td class="cellrowborder" valign="top" width="76.75999999999999%" headers="mcps1.3.2.2.2.2.4.2.3.1.2 "><p>当<span class="uicontrol">“<span>配置方式</span>”</span>选择<span class="uicontrol">“<span>Keytab文件</span>”</span>时，才需要配置该参数。Kerberos认证过程中使用的<span class="filepath">“.keytab”</span>文件（如：user.keytab）。</p> <p>请联系Kerberos服务器管理员从Kerberos服务器获取该文件，单击<span><img src="zh-cn_image_0000001792513870.png"></span>上传至<span>本产品</span>。</p></td>
         </tr>
        </tbody>
       </table>
      </div> <p></p></li>
     <li><span>单击<span class="uicontrol">“确定”</span>。</span></li>
    </ol>
   </div>
  </div>
  <div>
   <div class="familylinks">
    <div class="parentlink">
     <strong>父主题：</strong> <a href="zh-cn_topic_0000001792513814.html">备份Elasticsearch集群</a>
    </div>
   </div>
  </div>
 </body>
</html>